This document explains how the components of multicluster global hub come together to deliver multicluster management at very high scale. The multicluster-global-hub operator is the root operator, which pulls in everything that is needed.
The operator deploys all components required for multicluster management: multicluster-global-hub-manager in the global hub cluster and multicluster-global-hub-agent in the managed hub clusters.
The operator also uses manifestwork to deploy Advanced Cluster Management for Kubernetes in the managed cluster, so the managed cluster is switched to a standard ACM Hub cluster (managed hub cluster).
The manager persists the data it receives from the Kafka transport into PostgreSQL. It also posts data to the Kafka transport so that it can be synced to the managed hub clusters.
The agent runs in the managed hub clusters. It is responsible for syncing data between the global hub cluster and the managed hub clusters: for instance, syncing the managed clusters' info from the managed hub clusters to the global hub cluster, and syncing policies or applications from the global hub cluster to the managed hub clusters.
Grafana runs on the global hub cluster as the main service for Global Hub Observability. The Postgres data collected by the Global Hub Manager serves as its default DataSource. By exposing the service via a route (multicluster-global-hub-grafana), you can access the global hub Grafana dashboards just like accessing the OpenShift console.
- Connect to a Kubernetes cluster with kubectl
- ACM or OCM is installed on the Kubernetes cluster
- PostgreSQL is installed and a database is created for the multicluster global hub. A secret multicluster-global-hub-storage that contains the credentials is created in the open-cluster-management namespace.
  - The database_uri has the format postgres://<user>:<password>@<host>:<port>/<database>?sslmode=<mode>. It is used to create the database and insert data.
  - The database_uri_with_readonlyuser has the format postgres://<user>:<password>@<host>:<port>/<database>?sslmode=<mode>. It is used by the global hub Grafana to query data.
  - The ca.crt depends on the sslmode. It is optional.
kubectl create secret generic multicluster-global-hub-storage -n "open-cluster-management" \
--from-literal=database_uri=<postgresql-uri> \
--from-literal=database_uri_with_readonlyuser=<postgresql-uri-with-readonlyuser> \
--from-file=ca.crt=<CA-for-postgres-server>
You can run the sample script ./operator/config/samples/storage/deploy_postgres.sh (Note: the client version of kubectl must be v1.21+) to install postgres in the multicluster-global-hub-postgres namespace and create the secret multicluster-global-hub-storage in the open-cluster-management namespace automatically. To override the secret namespace, set the TARGET_NAMESPACE environment variable to the ACM installation namespace before executing the script. By default, ClusterIP is used to access the postgres database, because the sample script is assumed to run in the global hub cluster. If you want to deploy postgres in another cluster, consider using a service of type nodePort or LoadBalancer. For more information, please refer to this document.
- Kafka is installed and three topics, spec, status and event, are created. A secret named multicluster-global-hub-transport that contains the Kafka access information should also be created in the open-cluster-management namespace:
kubectl create secret generic multicluster-global-hub-transport -n "open-cluster-management" \
--from-literal=bootstrap_server=<kafka-bootstrap-server-address> \
--from-file=ca.crt=<CA-cert-for-kafka-server> \
--from-file=client.crt=<Client-cert-for-kafka-server> \
--from-file=client.key=<Client-key-for-kafka-server>
As above, you can run the sample script ./operator/config/samples/transport/deploy_kafka.sh to install Kafka in the kafka namespace and create the secret multicluster-global-hub-transport in the open-cluster-management namespace automatically. To override the secret namespace, set the TARGET_NAMESPACE environment variable to the ACM installation namespace before executing the script.
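The multicluster-global-hub-storage secret described above holds two PostgreSQL URIs and an optional ca.crt. The following pre-flight check is an added example, not part of the project: it assumes a policy in which both URIs must use sslmode require, verify-ca or verify-full, the verify modes need a non-empty CA file, and the read-only URI must use a different database user than the read-write one. The function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not project code): pre-flight checks for the two PostgreSQL
# URIs stored in the multicluster-global-hub-storage secret.

# Print the <user> part of postgres://<user>:<password>@<host>...
uri_user() {
  local rest="${1#*://}"       # strip the scheme
  rest="${rest%%@*}"           # keep only user:password
  printf '%s' "${rest%%:*}"    # drop the password
}

# Print the value of the sslmode query parameter (empty if absent).
uri_sslmode() {
  local query kv IFS='&'
  case "$1" in *\?*) query="${1#*\?}" ;; *) return 0 ;; esac
  for kv in $query; do
    case "$kv" in sslmode=*) printf '%s' "${kv#sslmode=}"; return 0 ;; esac
  done
  return 0
}

# check_storage_uris <read-write-uri> <read-only-uri> [ca-file]
# Returns 0 when every check passes. URIs are never echoed: they hold passwords.
check_storage_uris() {
  local rw="$1" ro="$2" ca="${3:-}" uri mode rc=0
  for uri in "$rw" "$ro"; do
    case "$uri" in
      postgres://*:*@*/*) ;;
      *) echo "URI is not postgres://<user>:<password>@<host>:<port>/<database>" >&2; rc=1 ;;
    esac
    mode="$(uri_sslmode "$uri")"
    case "$mode" in
      require) ;;
      verify-ca|verify-full)   # certificate verification needs the CA file
        [ -n "$ca" ] && [ -s "$ca" ] || { echo "sslmode=$mode needs ca.crt" >&2; rc=1; } ;;
      *) echo "sslmode is not require, verify-ca or verify-full" >&2; rc=1 ;;
    esac
  done
  # Assumed policy: Grafana's read-only URI must use a different database user.
  [ "$(uri_user "$rw")" != "$(uri_user "$ro")" ] ||
    { echo "read-only URI uses the read-write user" >&2; rc=1; }
  return "$rc"
}
```

Source the file and call check_storage_uris with the two URIs and the CA path before running kubectl create secret; a non-zero return means at least one check failed.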
Note: You can also install the Multicluster Global Hub Operator from Operator Hub if you have ACM installed in an OpenShift Container Platform. The operator can be found in community operators by searching for the "multicluster global hub" keyword in the filter box; then follow the document to install the operator.
Follow the steps below to install the Multicluster Global Hub Operator in a development environment:
- Check out the multicluster-global-hub repository
git clone git@github.com:stolostron/multicluster-global-hub.git
cd multicluster-global-hub/operator
- Build and push your image to the location specified by IMG:
make docker-build docker-push IMG=<some-registry>/multicluster-global-hub-operator:<tag>
- Deploy the controller to the cluster with the image specified by IMG:
make deploy IMG=<some-registry>/multicluster-global-hub-operator:<tag>
Note: Specify the TARGET_NAMESPACE environment variable if you're trying to deploy the operator into a namespace other than open-cluster-management. Keep in mind that the namespace must be the ACM installation namespace.
- Install an instance of the custom resource:
kubectl apply -k config/samples/
- Delete the multicluster-global-hub-operator CR:
kubectl delete mgh --all
- Delete the multicluster-global-hub-operator:
Note: This will delete Multicluster Global Hub Operator and the CRD from the cluster.
make undeploy
Go to the Contributing guide to learn how to get involved.